WASHINGTON, DC -- Kenneth Kwak, 34, of Chantilly, Va., pled guilty today in the District of Columbia federal court before U.S. District Judge Royce Lamberth to a one-count information charging him with unauthorized access to a protected computer in furtherance of a criminal or tortious act, Assistant Attorney General Alice S. Fisher of the Criminal Division and U.S. Attorney Kenneth L. Wainstein for the District of Columbia announced today.
According to a statement of facts filed with the guilty plea, Kwak was a system auditor working on federal information security management audits as a member of the Department of Education's Office of Inspector General. Kwak placed software on a supervisor's computer which enabled him to access the computer's storage at will. He later used that access on numerous occasions to view his supervisor's email and Internet activity as well as other communications, and to share those communications with others in his office. Kwak carried out his crime and invaded his supervisor's privacy for personal entertainment; there is no indication he profited financially from his actions.
"This case is an example of our zero-tolerance approach to public corruption and computer hacking, and highlights the excellent working relationship between our office and the Computer Crime and Intellectual Property Section of the Criminal Division," said U.S. Attorney Wainstein.
Kwak faces a maximum penalty of five years in prison and a fine of $250,000 for the crimes to which he pled guilty. A sentencing date has not been set.
The matter was investigated by the Computer Crime Investigations Division of the Department of Education's Inspector General's Office. The case was prosecuted by Senior Counsel William Yurek (cross-designated as a Special Assistant U.S. Attorney in the D.C. U.S. Attorney's Office), along with assistance by Trial Attorney Howard Cox, both of the Computer Crime and Intellectual Property Section in the DOJ Criminal Division. The prosecution was part of the "zero-tolerance policy" recently adopted by the U.S. Attorney's Office regarding intrusions into U.S. government computer systems.